The municipal executive of Leiden – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that the municipality of Leiden could continue using a third-party HR service to process employee data, despite an employee's objections. The court found the municipality had legitimate reasons for the data processing. This case highlights the balance between employee privacy and organizational needs.
What happened
The court allowed Leiden to use third-party HR services for employee data despite objections.
Who was affected
An employee of the municipality of Leiden concerned about third-party access to his personal data.
What the authority found
The court decided that the municipality had legitimate grounds for processing the data, which outweighed the employee's concerns.
Why this matters
This case illustrates the challenges of balancing employee privacy with organizational efficiency. It shows that companies must have strong justifications for using third-party services to handle personal data and be transparent with employees about data processing practices.
GDPR Articles Cited
The appellant is a civil servant at the municipality of Leiden. He does not want the municipality to share his personal data with third parties because he fears he would lose control over his data. The municipality of Leiden outsources its HR administration to Service71; Service71 uses YouForce as the HRM tool which is offered by RAET B.V. On 15 January 2018 the municipality denied appellant’s request to delete his performance reports and assessments from YouForce. Appellant has also objected to the processing of his data by the company Mindtree in India. In the appealed decision the Court of First Instance of the Hague considered that the municipality had compelling and legitimate grounds for the data processing, which override the interests of the appellant. The Court found no evidence that the appellant’s personal data was processed in India by the employees of Mindtree. The appellant argues that: 1. The Court failed to recognize that his request should also be considered as an access request because it was not possible for him to make sure that the data processing in question was lawful. 2. The municipality has no legal basis for sharing his data with Service71 and RAET B.V. and that the data processing itself is excessive. 3. Personal data of employees, including the appellant, can be accessed by the company Mindtree in India. On the first point, the Council ruled that the appellant had already had direct access to his data via the YouForce personnel file, which means his request should not have been considered as access request. On the second point, the Council established that the appellant did not object to the performance reports and assessments as such. He also did not object to having these reports digitalized, provided that the storage would take place on the premises of the municipality, for example on the computer of his supervisor. However, appellant did not want the reports to be stored by third parties, such as Servicepunt71 and RAET B.V. It
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for The municipal executive of Leiden in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The municipal executive of Leiden - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: